github-release

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses local git and gh (GitHub CLI) binaries to manage the release process. It correctly uses secure implementation patterns, such as quoted heredocs ('EOF') in Bash and the --body-file parameter in PowerShell, to ensure that untrusted data from the repository (like commit messages) cannot be executed as commands during the pull request creation step.
  • [PROMPT_INJECTION]: The skill contains an attack surface for Indirect Prompt Injection (Category 8) because it ingests and processes untrusted content from the repository's git history and code diffs. This is an inherent risk for tools that summarize external data.
    • Ingestion points: Step 3 (git diff and git log) and Step 4 (analysis of code changes) read potentially attacker-controlled text into the agent context.
    • Boundary markers: The instructions do not include specific delimiters or 'ignore' directives to separate the ingested git content from the agent's primary instructions.
    • Capability inventory: The skill grants the agent the ability to write to the filesystem (CHANGELOG.md), create commits, push branches to remote repositories, and create pull requests.
    • Sanitization: No explicit sanitization or filtering is performed on the commit messages or diff data before they are used to generate the final pull request body.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 30, 2026, 01:46 AM